<?php
require_once 'Zend/Controller/Plugin/Abstract.php';

class Custom_Controller_Plugin_ACLRole extends Zend_Controller_Plugin_Abstract
{
	protected $_acl;	
	private $_db;
	
	public function __construct()
	{
		$this->_acl = new Zend_Acl();
		$this->_db = Zend_Registry::get('db');
	}
	
	/**
	 * 读取权限
	 * 
	 * (non-PHPdoc)
	 * @see Zend_Controller_Plugin_Abstract::preDispatch()
	 */
	public function preDispatch(Zend_Controller_Request_Abstract $request)
	{
		$auth = Zend_Auth::getInstance();
		
		$module = $request->getModuleName();
		$controller = $request->getControllerName();
		$action = $request->getActionName();
		
		//查询登录免疫控制器
		$noauth = include_once APPLICATION_PATH.'/configs/auth.php';
		
		//查询权限免疫控制器及动作
		$noacl = include_once APPLICATION_PATH.'/configs/acl.php';
		
		if((isset($noacl[$module]) && $noauth[$module] == '*') 
				|| (isset($noauth[$module][$controller]) && $noauth[$module][$controller] == '*')
				|| (isset($noauth[$module][$controller][$action]) && $noauth[$module][$controller][$action] == '*'))
		{
			
			
			if((isset($noacl[$module]) && $noacl[$module] == '*') 
					|| (isset($noacl[$module][$controller]) && $noacl[$module][$controller] == '*') 
					|| (isset($noacl[$module][$controller][$action]) && $noacl[$module][$controller][$action] == '*'))
			{
				//当该控制器再所有免疫列表中，不执行任何操作
				return true;
			}
		}
		
		//验证登录认证
		elseif($auth->hasIdentity())
		{
			if((isset($noacl[$module]) && $noacl[$module] == '*')
					|| (isset($noacl[$module][$controller]) && $noacl[$module][$controller] == '*')
					|| (isset($noacl[$module][$controller][$action]) && $noacl[$module][$controller][$action] == '*'))
			{
				return true;
			}
			
			$identity = $auth->getIdentity();
			
			$select = new Zend_Db_Select($this->_db);
			$select->from('st_role', array('role_name','role_permission'));
			$select->where('id = ?', $identity->role_id);
			$select->limit(1);
			
			$row = $this->_db->fetchRow($select);
			$acl = unserialize($row['role_permission']);
			$role = $row['role_name'];
			
			if(isset($acl) && !empty($acl))
			{
				if($acl->hasRole($role) && $acl->has($controller))
				{
					if($acl->isAllowed($role, $controller, $action))
					{
						return true;
					}
				}
			}
			
			$request->setModuleName('manager');
			$request->setControllerName('index');
			$request->setActionName('error');
			$request->setParam('err', '没有访问权限');
		}
		
		//登录认证未通过时
		else 
		{
			$request->setModuleName('manager');
			$request->setControllerName('index');
			$request->setActionName('index');
		}
	}
	
	
	/**
	 * 权限列表配置
	 * 
	 * @param array $resources 权限资源列表
	 * 
	 * @return mixed
	 */
	public function setACL($resources)
	{
		$this->_acl->addRole(new Zend_Acl_Role($resources['role_name']));
		
		if(isset($resources['role_permission']) && !empty($resources['role_permission']) && is_array($resources['role_permission'])) 
		{
			foreach($resources['role_permission'] as $resource) 
			{
				$resource = explode('_', $resource);
				
				if(!$this->_acl->has($resource[0])) 
					$this->_acl->add(new Zend_Acl_Resource($resource[0]));
				
				$this->_acl->allow($resources['role_name'], $resource[0], $resource[1]);
			}
		}
		
		return serialize($this->_acl);
	}
	

}